<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=743743289656854&amp;ev=PageView&amp;noscript=1">
Skip to content
Webcast

Pwn2Own Berlin 2026: Inside the ESXi VM Escape

Thursday, July 16, 2026 |
11:00 AM - 12:00 PM CST |
Register Now

About Event

At Pwn2Own Berlin 2026, researchers from STARLabs SG demonstrated a working memory-corruption flaw in VMware ESXi that enabled a full VM escape and cross-tenant code execution—an attacker with admin access inside a guest VM breaking the isolation boundary to run code on the host and reach other tenants' VMs. As of today, there's no CVE assigned, no patch available, and technical details remain embargoed under Pwn2Own disclosure rules. The exploit is real, and the disclosure clock has started.
 
In this session, Joseph Comps, Solution Engineer & Threat Intelligence Analyst at Vali Cyber, breaks down what we know so far, what we expect when the embargo lifts, and the broader patterns we're tracking in hypervisor-targeted attacks. Drawing on the 2025 precedent—where ESXi escape exploits demonstrated in May were patched in July—we'll talk through the realistic exposure window between public disclosure and a qualified patch, and what teams running multi-tenant infrastructure can do to stay protected in the meantime. We'll also cover why VM escapes are a uniquely impactful bug class, and how preemptive controls at the VMX choke point can address the whole category—not just a single signature—so hosts are defended before a patch exists. As this situation is still developing, we'll update the session accordingly if and when more information is released.
 
What you'll learn:
  • What was demonstrated at Pwn2Own Berlin 2026 and why VM escapes are significant
  • What to expect on CVE assignment, patch timing, and the disclosure-to-patch window
  • The hypervisor attack patterns we're seeing across recent campaigns
  • How preemptive, mitigating controls keep hosts protected before a fix is available

Speaker

Joseph Comps

Joseph Comps

Joseph Comps is a Threat Intelligence analyst at Vali Cyber and conducts various Red Team assessments for the company. He has a bachelor’s degree in Cybersecurity from the University of Maryland and spent most of his initial career in the Marine Corps and Air Force Special Warfare. 

Event Partners

Vali Cyber® secures where attacks have the most impact: mission critical systems. While most defenses focus on endpoints, Vali Cyber identified Linux and hypervisors as critical yet under protected. Built for this reality, ZeroLock®delivers preemptive security with CLI-MFA, exploit prevention, deep hypervisor visibility, and AI-driven behavioral detection. By operating at the hypervisor layer, ZeroLock stops threats in real time without performance impact or added overhead. If incidents occur, automated rollback restores workloads in seconds, ensuring uptime. Recognized by Gartner as a Key Startup in Security Software, Vali Cyber leads by protecting the foundation of modern infrastructure others overlook.